Page MenuHomeFreeBSD
Differential D45420

mitigations.7: mention supervisor mode memory access protections
ClosedPublic
Actions

Authored by emaste on Fri, May 31, 2:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jun 27, 5:03 PM
Unknown Object (File)
Mon, Jun 24, 11:42 AM
Unknown Object (File)
Mon, Jun 24, 11:31 AM
Unknown Object (File)
Mon, Jun 24, 11:29 AM
Unknown Object (File)
Mon, Jun 24, 11:26 AM
Unknown Object (File)
Mon, Jun 24, 11:24 AM
Unknown Object (File)
Mon, Jun 24, 11:23 AM
Unknown Object (File)
Mon, Jun 24, 11:23 AM
View All 14 Files
Subscribers
andrew

Details

Reviewers
olce
imp
kib
Commits
rG72ece341b427: mitigations.7: mention supervisor mode memory access protections

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste requested review of this revision.Fri, May 31, 2:15 PM
emaste created this revision.
imp accepted this revision.Fri, May 31, 2:20 PM
This revision is now accepted and ready to land.Fri, May 31, 2:20 PM
olce accepted this revision.Fri, May 31, 2:26 PM
olce added inline comments.
share/man/man7/mitigations.7
249
emaste added inline comments.Fri, May 31, 2:29 PM
share/man/man7/mitigations.7
239

small addition staged in my tree

emaste updated this revision to Diff 139260.Fri, May 31, 2:50 PM
emaste added a reviewer: kib.

Describe the two different features in more detail

This revision now requires review to proceed.Fri, May 31, 2:50 PM
kib added a comment.Fri, May 31, 2:59 PM

It is also worth mentioning that SMAP/PAN provide very effective NULL pointer dereference protection in kernel, and make mapping a page at address zero safe.

share/man/man7/mitigations.7
239

'not owned by the kernel' is a weird formulation, I even have to stop digesting it. The right way to express it is probably 'pages accessible to userspace/non-privileged code'.

andrew added a subscriber: andrew.Fri, May 31, 3:03 PM
andrew added inline comments.
share/man/man7/mitigations.7
248

I think PAN only prevents read/write as it's just for data accesses.

emaste updated this revision to Diff 139262.Fri, May 31, 3:04 PM

feedback from @kib

emaste updated this revision to Diff 139263.Fri, May 31, 3:05 PM

Feedback from @andrew

kib accepted this revision.Fri, May 31, 3:20 PM
This revision is now accepted and ready to land.Fri, May 31, 3:20 PM
Closed by commit rG72ece341b427: mitigations.7: mention supervisor mode memory access protections (authored by emaste). · Explain WhyFri, May 31, 7:36 PM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rG72ece341b427: mitigations.7: mention supervisor mode memory access protections.

Revision Contents
Changeset List

PathSize
share/
man/
man7/
24 lines

Diff 139272

View Options

share/man/man7/mitigations.7

Loading...